Announcement

Collapse
No announcement yet.

GrSecurity Kernel Patches Will No Longer Be Free To The Public

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • starshipeleven
    replied
    Originally posted by oiaohm View Post
    The price of not being at least partly mainline it left the door open to competition.
    Heh it depends on who you believe.

    The big issue here is that there is no unbiased analysis to help see what is actually happening, for example is KSPP doing a good enough job?

    grsecurity people of course shit on KSPP at any occasion and link to articles that find vulnerabilities in it that aren't there in their stuff, but they have some obvious bias so heh.

    KSPP people don't provide much info, and even if they did it they would still have the bias.

    So yeah, it's still too much smoke and mirrors to tell anything for sure.

    Leave a comment:


  • oiaohm
    replied
    Originally posted by starshipeleven View Post
    I said upstream didn't accept, not that they submitted. Someone else did submit some stuff, and upstream didn't accept it.
    Yes upstream responded with break those patches up and resubmit.
    https://kernsec.org/wiki/index.php/K...ection_Project
    Yes the kernel self protection project is being able to break up GrSecurity features and submit them interdependently. Yes they are not as well optimised as GrSecurity ones. Optimisation can come latter.

    GrSecurity could be a jackass and not submit mainline while they did not have competition attempting to do the same things. You think about it you only have enough funds to either support GrSecurity or Kernel Self Protection Project. The Kernel Self Protection Project the fact it going up stream and peer reviewed its going to draw some peoples attention.

    The price of not being at least partly mainline it left the door open to competition.

    Leave a comment:


  • starshipeleven
    replied
    Originally posted by Truth View Post
    What is it with the authors of hardening patchsets and being upstream-hostile drama-laden egomongers?
    That's pretty much the stereotype of hacker.

    Leave a comment:


  • peppercats
    replied
    Originally posted by Truth View Post
    What is it with the authors of hardening patchsets and being upstream-hostile drama-laden egomongers?

    Fat lot of good such an approach did for Suhosin, and now grsec are going even more full-retard, wow.
    It's advantageous to their business model to portray the Linux kernel as negatively as possible. The more they portray upstream as being bumbling oafs that don't understand or want to fix security issues, the more they can sell their product.

    Leave a comment:


  • Truth
    replied
    What is it with the authors of hardening patchsets and being upstream-hostile drama-laden egomongers?

    Fat lot of good such an approach did for Suhosin, and now grsec are going even more full-retard, wow.

    Leave a comment:


  • starshipeleven
    replied
    Originally posted by lunarcloud View Post
    Charging for something isn't against the GPL...
    But isn't withholding source code against the GPL? How is this not in violation?
    GPL requires you to provide sources to individuals that receive your binary program, not to the world at large.

    There are various projects like this that use GPLed code from kernel as if it was basically closed source since they only share with customers, that are obviously unlikely to share with third parties.

    Leave a comment:


  • starshipeleven
    replied
    Originally posted by peppercats View Post
    Grsecurity has never submitted an upstream patch.
    https://lwn.net/Articles/315164/
    I said upstream didn't accept, not that they submitted. Someone else did submit some stuff, and upstream didn't accept it.

    Leave a comment:


  • peppercats
    replied
    Originally posted by lunarcloud View Post
    Charging for something isn't against the GPL...
    But isn't withholding source code against the GPL? How is this not in violation?
    Withholding source code is not against the GPL. e.g, if I forked a GPL project of yours and edited it for my own internal use, you couldn't demand I release the code. I only have to distribute the source(or access to such) if I redistributed a binary of my fork.
    https://www.gnu.org/licenses/gpl-faq...UnreleasedMods

    Leave a comment:


  • peppercats
    replied
    Originally posted by starshipeleven View Post
    You mean upstream not accepting most of their changes? Because that's what happened in reality.
    Grsecurity has never submitted an upstream patch.
    https://lwn.net/Articles/315164/

    Leave a comment:


  • lunarcloud
    replied
    Charging for something isn't against the GPL...
    But isn't withholding source code against the GPL? How is this not in violation?

    Leave a comment:

Working...
X